Journal of Cryptology, Volume 31, Issue 2, pp 537–586

Oblivious Polynomial Evaluation and Secure Set-Intersection from Algebraic PRFs

  • Carmit Hazay


In this paper, we study the two fundamental functionalities of oblivious polynomial evaluation in the exponent and set-intersection, and introduce a new technique for designing efficient secure protocols for these problems (and others). Our starting point is the technique of Benabbas et al. (CRYPTO 2011) for verifiable delegation of polynomial evaluations using algebraic PRFs. We use this tool, which was designed to achieve verifiability in the outsourced setting, in order to achieve privacy in the standard two-party setting. Our results imply new, simple and efficient oblivious polynomial evaluation (OPE) protocols. We further show that our OPE protocols are readily applied to secure set-intersection, yielding much simpler protocols in the plain model. As a side result, we demonstrate the usefulness of algebraic PRFs for various search functionalities, such as keyword search and oblivious transfer with adaptive queries. Our protocols are secure under full simulation-based definitions in the presence of malicious adversaries.


Keywords: Efficient secure computation; Oblivious polynomial evaluation; Secure set-intersection; Committed oblivious PRF


References

  1. Y. Azar, A.Z. Broder, A.R. Karlin, E. Upfal, Balanced allocations. SIAM J. Comput. 29(1), 180–200 (1999)
  2. G. Ateniese, E. De Cristofaro, G. Tsudik, (If) size matters: size-hiding private set intersection, in IACR Cryptology ePrint Archive, 2010:220 (2010)
  3. G. Ateniese, Ö. Dagdelen, I. Damgård, D. Venturi, Entangled cloud storage, in IACR Cryptology ePrint Archive, 2012:511 (2012)
  4. G. Aggarwal, N. Mishra, B. Pinkas, Secure computation of the kth-ranked element, in EUROCRYPT (2004), pp. 40–55
  5. R. Bendlin, I. Damgård, C. Orlandi, S. Zakarias, Semi-homomorphic encryption and multiparty computation, in EUROCRYPT (2011), pp. 169–188
  6. D. Beaver, Foundations of secure interactive computing, in CRYPTO (1991), pp. 377–391
  7. S. Benabbas, R. Gennaro, Y. Vahlis, Verifiable delegation of computation over large datasets, in CRYPTO (2011), pp. 111–131
  8. A.Z. Broder, M. Mitzenmacher, Using multiple hash functions to improve IP lookups, in INFOCOM (2001), pp. 1454–1463
  9. R. Canetti, Security and composition of multi-party cryptographic protocols. J. Cryptology 13, 143–202 (2000)
  10. E. De Cristofaro, J. Kim, G. Tsudik, Linear-complexity private set intersection protocols secure in malicious model, in ASIACRYPT (2010), pp. 213–231
  11. Y.C. Chang, C.J. Lu, Oblivious polynomial evaluation and oblivious neural learning. Theor. Comput. Sci. 341(1–3), 39–54 (2005)
  12. D. Chaum, T.P. Pedersen, Wallet databases with observers, in CRYPTO (1992), pp. 89–105
  13. E. De Cristofaro, G. Tsudik, Practical private set intersection protocols with linear complexity, in Financial Cryptography (2010), pp. 143–159
  14. C. Dong, L. Chen, Z. Wen, When private set intersection meets big data: an efficient and scalable protocol, in IACR Cryptology ePrint Archive, 2013:515 (2013)
  15. I. Damgård, M. Jurik, J.B. Nielsen, A generalization of Paillier's public-key system with applications to electronic voting. Int. J. Inf. Sec. 9(6), 371–385 (2010)
  16. I. Damgård, M. Keller, E. Larraia, V. Pastro, P. Scholl, N.P. Smart, Practical covertly secure MPC for dishonest majority, or: Breaking the SPDZ limits, in ESORICS 2013, 18th European Symposium on Research in Computer Security, Egham, UK, September 9–13, 2013, Proceedings (2013), pp. 1–18
  17. I. Damgård, V. Pastro, N.P. Smart, S. Zakarias, Multiparty computation from somewhat homomorphic encryption, in CRYPTO (2012), pp. 643–662
  18. D. Dachman-Soled, T. Malkin, M. Raykova, M. Yung, Efficient robust private set intersection, in ACNS (2009), pp. 125–142
  19. Y. Dodis, A. Yampolskiy, A verifiable random function with short proofs and keys, in Public Key Cryptography, PKC 2005, 8th International Workshop on Theory and Practice in Public Key Cryptography, Les Diablerets, Switzerland, January 23–26, 2005, Proceedings (2005), pp. 416–431
  20. S. Faust, C. Hazay, D. Venturi, Outsourced pattern matching, in ICALP (2013)
  21. M.J. Freedman, Y. Ishai, B. Pinkas, O. Reingold, Keyword search and oblivious pseudorandom functions, in TCC (2005), pp. 303–324
  22. M.J. Freedman, K. Nissim, B. Pinkas, Efficient private matching and set intersection, in EUROCRYPT (2004), pp. 1–19
  23. T. El Gamal, A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 31(4), 469–472 (1985)
  24. N. Gilboa, Two party RSA key generation, in CRYPTO (1999), pp. 116–129
  25. O. Goldreich, S. Micali, A. Wigderson, How to play any mental game or a completeness theorem for protocols with honest majority, in STOC (1987), pp. 218–229
  26. O. Goldreich, Foundations of Cryptography: Volume 2, Basic Applications (Cambridge University Press, New York, NY, USA, 2004)
  27. C. Hazay, Oblivious polynomial evaluation and secure set-intersection from algebraic PRFs, in Theory of Cryptography, 12th Theory of Cryptography Conference, TCC 2015, Warsaw, Poland, March 23–25, 2015, Proceedings, Part II (2015), pp. 90–120
  28. C. Hazay, Y. Lindell, Efficient oblivious polynomial evaluation with simulation-based security. IACR Cryptology ePrint Archive, 2009:459 (2009)
  29. C. Hazay, Y. Lindell, Efficient protocols for set intersection and pattern matching with security against malicious and covert adversaries. J. Cryptology 23(3), 422–456 (2010)
  30. C. Hazay, Y. Lindell, Efficient Secure Two-Party Protocols: Techniques and Constructions (Springer-Verlag, 2010)
  31. C. Hazay, G.L. Mikkelsen, T. Rabin, T. Toft, Efficient RSA key generation and threshold Paillier in the two-party setting, in CT-RSA (2012), pp. 313–331
  32. C. Hazay, K. Nissim, Efficient set operations in the presence of malicious adversaries. J. Cryptology 25(3), 383–433 (2012)
  33. C. Hazay, T. Toft, Computationally secure pattern matching in the presence of malicious adversaries, in ASIACRYPT (2010), pp. 195–212
  34. Y. Ishai, M. Prabhakaran, A. Sahai, Founding cryptography on oblivious transfer, efficiently, in CRYPTO (2008), pp. 572–591
  35. S. Jarecki, X. Liu, Efficient oblivious pseudorandom function with applications to adaptive OT and secure computation of set intersection, in TCC (2009), pp. 577–594
  36. S. Jarecki, X. Liu, Fast secure computation of set intersection, in SCN (2010), pp. 418–435
  37. A. Kirsch, M. Mitzenmacher, U. Wieder, More robust hashing: cuckoo hashing with a stash, in Algorithms, ESA 2008, 16th Annual European Symposium, Karlsruhe, Germany, September 15–17, 2008, Proceedings (2008), pp. 611–622
  38. L. Kissner, D.X. Song, Privacy-preserving set operations, in CRYPTO (2005), pp. 241–257
  39. Y. Lindell, Fast cut-and-choose based protocols for malicious and covert adversaries, in CRYPTO (2) (2013), pp. 1–17
  40. Y. Lindell, E. Oxman, B. Pinkas, The IPS compiler: optimizations, variants and concrete efficiency, in CRYPTO, pp. 259–276
  41. Y. Lindell, B. Pinkas, Privacy preserving data mining. J. Cryptology 15(3), 177–206 (2002)
  42. Y. Lindell, B. Pinkas, Secure two-party computation via cut-and-choose oblivious transfer, in TCC (2011), pp. 329–346
  43. S. Micali, P. Rogaway, Secure computation (abstract), in CRYPTO (1991), pp. 392–404
  44. J.B. Nielsen, P.S. Nordholt, C. Orlandi, S.S. Burra, A new approach to practical active-secure two-party computation, in CRYPTO (2012), pp. 681–700
  45. J.B. Nielsen, C. Orlandi, LEGO for two-party secure computation, in TCC (2009), pp. 368–386
  46. M. Naor, B. Pinkas, Oblivious transfer and polynomial evaluation, in STOC (1999), pp. 245–254
  47. M. Naor, B. Pinkas, Oblivious polynomial evaluation. SIAM J. Comput. 35(5), 1254–1281 (2006)
  48. M. Naor, O. Reingold, Number-theoretic constructions of efficient pseudo-random functions, in FOCS (1997), pp. 458–467
  49. T. Okamoto, Provably secure and practical identification schemes and corresponding signature schemes, in CRYPTO (1992), pp. 31–53
  50. P. Paillier, Public-key cryptosystems based on composite degree residuosity classes, in EUROCRYPT (1999), pp. 223–238
  51. B. Pinkas, T. Schneider, G. Segev, M. Zohner, Phasing: private set intersection using permutation-based hashing, in USENIX Security (2015), pp. 515–530
  52. B. Pinkas, T. Schneider, M. Zohner, Faster private set intersection based on OT extension, in Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20–22, 2014 (2014), pp. 797–812
  53. C.P. Schnorr, Efficient identification and signatures for smart cards, in CRYPTO (1989), pp. 239–252
  54. B. Schoenmakers, P. Tuyls, Practical two-party computation based on the conditional gate, in ASIACRYPT (2004), pp. 119–136
  55. D. Vergnaud, Efficient and secure generalized pattern matching via fast Fourier transform, in AFRICACRYPT (2011), pp. 41–58
  56. A.C.C. Yao, How to generate and exchange secrets (extended abstract), in FOCS (1986), pp. 162–167
  57. H. Zhu, F. Bao, Augmented oblivious polynomial evaluation protocol and its applications, in ESORICS (2005), pp. 222–230

Copyright information

© International Association for Cryptologic Research 2017

Authors and Affiliations

  1. Faculty of Engineering, Bar-Ilan University, Ramat Gan, Israel
